<?php

class Acl extends Zend_Acl {
    public function  __construct() {
        //Добавляем роли
        $this->addRole('user');
        $this->addRole('library_user', 'user');
        $this->addRole('librarian', 'library_user');
        $this->addRole('director', 'librarian');

        //Добавляем ресурсы
        $this->add(new Zend_Acl_Resource('user_allow'));
        $this->add(new Zend_Acl_Resource('library_user_allow'));
        $this->add(new Zend_Acl_Resource('librarian_allow'));
        $this->add(new Zend_Acl_Resource('director_allow'));

        //Выставляем права, по-умолчанию всё запрещено
        $this->deny(null, null, null);
        $this->allow('user', 'user_allow', 'show');
        $this->allow('library_user', 'library_user_allow', 'show');
        $this->allow('librarian','librarian_allow', 'show');
        $this->allow('director','director_allow', 'show');
    }

    public function can($privilege='show'){
        //Инициируем ресурс
        $request = Zend_Controller_Front::getInstance()->getRequest();
        $resource = $request->getControllerName() . '/' . $request->getActionName();
        //Если ресурс не найден закрываем доступ
        if (!$this->has($resource))
            return true;
        //Инициируем роль
        $storage_data = Zend_Auth::getInstance()->getStorage()->read();
        $role = array_key_exists('status', $storage_data)?$storage_data->status : 'guest';
        return $this->isAllowed($role, $resource, $privilege);
    }
}